General
-
Target
NJ en lo que regresa.vbs
-
Size
484KB
-
Sample
220106-n2a8jsbbh8
-
MD5
cfe8083b99457520d371e972f4d340a9
-
SHA1
e11e37e2b04513bc50632265e4b81b24209ddd04
-
SHA256
9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21
-
SHA512
021c64c5762b6a75ee9fcabbe33656c49a259f427e94f754e53c31b20a5f2033ec925b114558cdd7ed34477e471a0850eafd8c046dee2961e47a236c2bbd6a64
Static task
static1
Behavioral task
behavioral1
Sample
NJ en lo que regresa.vbs
Resource
win7-en-20211208
Malware Config
Extracted
http://149.56.200.165/dll/3.txt
Extracted
njrat
0.7NC
NYAN CAT
venomsi.mypsx.net:81
4c6c9a1bbdc34e6ebe
-
reg_key
4c6c9a1bbdc34e6ebe
-
splitter
@!#&^%$
Targets
-
-
Target
NJ en lo que regresa.vbs
-
Size
484KB
-
MD5
cfe8083b99457520d371e972f4d340a9
-
SHA1
e11e37e2b04513bc50632265e4b81b24209ddd04
-
SHA256
9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21
-
SHA512
021c64c5762b6a75ee9fcabbe33656c49a259f427e94f754e53c31b20a5f2033ec925b114558cdd7ed34477e471a0850eafd8c046dee2961e47a236c2bbd6a64
-
Blocklisted process makes network request
-
Drops startup file
-
Suspicious use of SetThreadContext
-